HomeAbout MeSecurityDCLinuxEee PCMusic3D GraphicsRobotsContact Me

The future of cryptography
 12 May 2003
 
Quantum cryptography, steganography and theory of covert channels are three most important directions of development in a modern cryptography.
 
Author: Tomasz Grabowski
Translation: Aleksandra Malak
 
 
Since the beginning of existence, cryptography was an army domain, and information’s about expansion in this particular sphere were strictly controlled. That’s why a modern cryptography, which is a science connected with theoretical mathematics and physics, is quite young. First comprehensive science work about methods of coding is The Index of Coincidence and Its Applications in Cryptography by William F. Friedman, which was published in 1918. This book is still considered as one of the most important cryptanalysis works of XX century.

Clear increase of interest in cryptography as a science domain was seen in years 30’s and 40’s of the last century. One of the most important publication from that time is The Communication Theory of Secrecy Systems by Claude Shannon. With a great dose of probability, this book was uncovered by mistake, because it has been written during the second World War and was a description of the experiments leaded by the author at that time.

The real turning point in a domain of publicly available literature considering cryptography was, nowadays legendary, famous book by David Kahn, The Codebreakers, published in 1967. It helped thousands of people to get acquainted with basic theories and practical aspects of cryptography. The curious thing is a fact, that at that time some chapters of that book were secret, also in Poland.

Today, literature about cryptography – even the very advanced one – is available practically for everyone. We can get an impression, that so much has been written about cryptography in books and specialized articles, that there is nothing secret in it any more. But this is only an impression. Although it is apparently available, the expansion of that domain is still under an envelope of secrets, and sometimes, even independent works are hindered.

However works over cryptography – both the covert and the public one’s – are still in progress. As their effect, techniques, algorithms and conceptions appears, that most certainty are lying under fundaments of  “future coding”. From many directions of nowadays studies over cryptography, three deserve a special care: quantum cryptography, steganography and so called covert channels.

Quantum bugs

Detection of a bug in a phone or a radio net is practically impossible. Of course, we can argue, that with a sufficiently sensitive measurements of voltage in telephone net or a local changes of power intensity in radio waves, the bug can be identified. However, assuming that the bug is leaded “professionally” it is unaccomplishable in practice.

The world of elementary particles bases on a different rules. Quantum cryptography uses a fact – in accordance to rules of quantum mechanics – that we can’t measure any value of elementary particle (for example photon) without having some kind of influence on its state. The measurements of photon speed can influence on its real speed, change of position or an angle of polarization.

For information security, it means that any trial of eavesdrop or interception of the transmission realized with help of elementary particles would be instantly detected. The domain in which quantum cryptography evokes the greatest hopes, is safe exchange of coding keys between sites which participate in communication.
What looks good in theory doesn’t have to succeed in practice. The best, because simplest, way of  transmitting zeros and ones with usage of photons, is giving them different angle of polarization. However, here is the problem: already existing devices emits beams with a solid polarization. The possibility for fast change of light polarization is, at least for now, one of the major barrier in expansion of quantum cryptography.

Another source of trouble is imperfection of centers, in which light is sent. Even in best optical waveguide, a certain number of photons decay. In experiments leaded presently, coding information’s bases, conventionally speaking, on few photons that have the same features. Even if some of them decay on a way, the ones that reach the target would carry the proper information. This method, though seems reasonable, puts under the question mark meaning  of quantum coding. If one photon can decay or change features, doesn’t it give a sufficient wicket for a bug? Also we must consider external interferences. Of course there are methods to eliminate them but still, can’t they be used as a tool to hide the fact that the bug was planted?

Trials of quantum coding are leaded for a few years. Experiments in range of aerial transmission shown, that it is possible to transmit data with usage of quantum coding on distance approximately  10 km. The higher, the lesser air density. So it is possible, that in some conditions, this method can be used to communication between ground-stations and satellites on higher orbits. But that’s another theory, and even if it was true, it’s still not enough – both from operator and Internet user point of view.

Those implementation problems are only a top of an iceberg for problems that stands in a front of the quantum cryptography. We can assume, that it won’t leave walls of laboratory  for a long time, and become most of all, a domain for intellectual practice.

Spying transmissions

The major defect of all presently used methods for coding transmissions is, that the person which eavesdrops is able to detect the fact that data are sent. Even if the spy who works abroad, encipher information’s and then sent them to his homeland, the mere fact that those information’s were activated will stir up suspicions. Besides, even if the eavesdropper doesn’t know what is covert in those enciphered packets, he might want to register them in original order, and on this basis attempt to guess the key.    

One of cryptography domains – steganography - is dealing with covering transmissions. Its usage bases on covering confident information’s inside overt data, for example on coding text messages as a sequence of pixels in JPG picture. Steganography needs direct communication between sender and receiver. This defect doesn’t occur in technique which consist in compiling so called covert channels. Covert communication channel basis on communication with help of state or packing objects, which doesn’t serve to sending data. Here is the example.

Imagine a computer system, in which users can’t communicate with each other. Covert channel forms in case, when sites can identically interpret specific sequences of events. It can be for example, an information about a number of free space on a hard disk, sharing memory, processor, device, interruption (IRQ), and so on. Basing on code that was settled earlier, both sites can send information’s to each other.

For example process A, that receives the message, can demand interruption every 100 ms. Process B also can demand this interruption, however every demand made by process B, will cause time elongation of service for demands made by process A. Measuring time, that passed from the moment the demand was sent, till the time it was received from the operation system, process A is able to determine if the process B demanded interruption in the same time or not, and each state from this two, treat as a 1 or a 0. The examples can be multiplied. Specific technical description of many similar techniques of sending data can be found in published in USA, by National Security Agency document: NCSC-TG-030: A Guide to Understanding Covert Channel Analysis of Trusted Systems.

Experiment in Szczecin

Encipher based on covert channels is not only a theory. To prove that, in Academic Centre of Computer Science at Technical University of Szczecin we created a software for compiling covert channel between web browser and WWW server.

The content of secret message is transferred as followed: the web browser (receiver of the message) sends to server (sender) a demand for downloading dynamically generated WWW site. Server shows every data that are connected with this web site, in a shape of many different files: text, graphic and so on. Coding of covert message bases on a sequence, kind and number of sent files.

Movement analysis or even the content of information won’t do anything.  The one who doesn’t know the method of coding is not able to decipher covert information. He doesn’t even know if there is any communication. Considering the method of coding, individual  transmission enables sending dozens of ASCII signs. And that is enough to send for example user name and the password.